ebpf: allow to load modules from more directories

Up until now we loaded the eBPF modules from /etc/opensnitchd. However there has been some problems upgrading the modules to newer versions with the deb packages, because every file under /etc/ is treated as a conffile, and whenever a conffile changes it prompt you to update it or not. Some users decided to no upgrade it, ending up with eBPF modules incompatible with the new daemon. https://www.debian.org/doc/manuals/maint-guide/dother.en.html#conffiles On the other hand, the FHS dictates that /etc/ is for configuration files, and /usr/lib for object files: "/usr/lib includes object files and libraries. [21] On some systems, it may also include internal binaries that are not intended to be executed directly by users or shell scripts." https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html So now, we look for the eBPF modules under /usr/local/lib/opensnitchd/ebpf/ or /usr/lib/opensnitchd/ebpf/, and as a last resort under /etc/opensnitchd/
evilsocket · Oct 18, 2022 · 474a637 · 474a637
1 parent 820e7d5
commit 474a637
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 9 deletions.
diff --git a/daemon/procmon/ebpf/ebpf.go b/daemon/procmon/ebpf/ebpf.go
@@ -56,6 +56,14 @@ var (
 	// list of local addresses of this machine
 	localAddresses []net.IP
 
+	// ex.: /usr/lib/opensnitchd/ebpf/
+	modulesDir = "/opensnitchd/ebpf"
+	paths      = []string{
+		fmt.Sprint("/usr/local/lib", modulesDir),
+		fmt.Sprint("/usr/lib", modulesDir),
+		fmt.Sprint("/etc/opensnitchd"), // deprecated
+	}
+	modulesPath   = ""
 	hostByteOrder binary.ByteOrder
 )
 
@@ -66,14 +74,13 @@ func Start() error {
 		log.Error("ebpf.Start -> mount debugfs error. Report on github please: %s", err)
 		return err
 	}
-
-	m = elf.NewModule("/etc/opensnitchd/opensnitch.o")
-	m.EnableOptionCompatProbe()
-
-	if err := m.Load(nil); err != nil {
-		log.Error("eBPF Failed to load /etc/opensnitchd/opensnitch.o: %v", err)
-		return err
+	if m = loadModule("opensnitch.o"); m == nil {
+		msg := fmt.Errorf("eBPF Failed to load %s/%s", modulesPath, "opensnitch.o")
+		log.Error("%s", msg)
+		dispatchErrorEvent(msg.Error())
+		return msg
 	}
+	m.EnableOptionCompatProbe()
 
 	// if previous shutdown was unclean, then we must remove the dangling kprobe
 	// and install it again (close the module and load it again)
@@ -138,6 +145,21 @@ func saveEstablishedConnections(commDomain uint8) error {
 	return nil
 }
 
+func loadModule(module string) *elf.Module {
+	for _, p := range paths {
+		modulesPath = p
+		m = elf.NewModule(fmt.Sprint(modulesPath, "/", module))
+
+		if err := m.Load(nil); err == nil {
+			log.Info("[eBPF] module loaded: %s/%s", modulesPath, module)
+			break
+		}
+		m = nil
+	}
+
+	return m
+}
+
 func setRunning(status bool) {
 	lock.Lock()
 	defer lock.Unlock()

diff --git a/daemon/procmon/ebpf/events.go b/daemon/procmon/ebpf/events.go
@@ -74,11 +74,15 @@ var (
 func initEventsStreamer() {
 	elfOpts := make(map[string]elf.SectionParams)
 	elfOpts["maps/"+perfMapName] = elf.SectionParams{PerfRingBufferPageCount: ringBuffSize}
-	mp := elf.NewModule("/etc/opensnitchd/opensnitch-procs.o")
+	mp := loadModule("opensnitch-procs.o")
+	if mp == nil {
+		dispatchErrorEvent(fmt.Sprintf("[eBPF events] Failed loading %s/opensnitch-procs.o", modulesPath))
+		return
+	}
 	mp.EnableOptionCompatProbe()
 
 	if err := mp.Load(elfOpts); err != nil {
-		dispatchErrorEvent(fmt.Sprintf("[eBPF events] Failed loading /etc/opensnitchd/opensnitch-procs.o: %v", err))
+		dispatchErrorEvent(fmt.Sprintf("[eBPF events] Failed loading %s/opensnitch-procs.o: %v", modulesPath, err))
 		return
 	}